Web security
What is a SameSite cookie?
SameSite is a cookie attribute (Strict, Lax, or None) that controls whether a cookie is sent on requests originating from other sites. Setting it to Lax or Strict is a strong, low-effort defence against CSRF because the session cookie simply isn't attached when the request comes from an attacker's page. SameSite=None requires the Secure flag and is only for genuine cross-site use.